soft target selection

8 06 2010

So for the first one, let's ease into things. I have called it soft target selection as this isn't anything too exciting, no cracking, no exploiting – just natural selection 😉

So, hypothetically you are using a wifi sniffer & you stumble across a nice juicy open wifi …. so what's next …. ok – we jumped ahead a step there. How did we come to find an open wifi? – well, there are several apps around – try here.

As with most things I will be posting, I will focus on using BackTrack, and in the examples I am using a USB wifi dongle.

dmesg will hopefully show us the dongle attached

root@bt:~# dmesg
usb 1-1: new high speed USB device using ehci_hcd and address 3
usb 1-1: configuration #1 chosen from 1 choice
usb 1-1: reset high speed USB device using ehci_hcd and address 3
phy1: Selected rate control algorithm 'minstrel'
zd1211rw 1-1:1.0: phy1
usb 1-1: firmware: requesting zd1211/zd1211_ub
usb 1-1: firmware: requesting zd1211/zd1211_uphr
zd1211rw 1-1:1.0: firmware version 4605
zd1211rw 1-1:1.0: zd1211 chip 0ace:1211 v4330 high 00-03-6d RF2959_RF pa0 -----
ADDRCONF(NETDEV_UP): wlan0: link is not ready

ok, so BackTrack sees our adaptor, now we need to get it up & running (don't forget the all-important macchanger command)

root@bt:~# ifconfig -a
wlan0     Link encap:Ethernet  HWaddr 00:40:29:47:ca:fa
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
root@bt:~# macchanger -A wlan0
Current MAC: 00:40:29:47:ca:fa (Compex)
Faked MAC:   00:07:d1:88:11:0f (Spectrum Signal Processing Inc.)
root@bt:~# ifconfig wlan0 up

kick the card into monitor mode

root@bt:~# airmon-ng start wlan0

Interface       Chipset         Driver

wlan0           ZyDAS 1211      zd1211rw - [phy0]
                                (monitor mode enabled on mon0)

and check for the wireless nodes around you

root@bt:~# airodump-ng mon0

 CH  9 ][ Elapsed: 1 min ][ 2007-04-26 17:41 ][ WPA handshake: 00:14:6C:7E:40:80

 BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID

 00:09:5B:1C:AA:1D   11  16       10        0    0  11  54.  OPN              NETGEAR
 00:14:6C:7A:41:81   34 100       57       14    1   9  11e  WEP  WEP         bigbear
 00:14:6C:7E:40:80   32 100      752       73    2   9  54   WPA  TKIP   PSK  teddy                             

 BSSID              STATION            PWR   Rate   Lost  Packets  Probes

 00:14:6C:7A:41:81  00:0F:B5:32:31:31   51   36-24    2       14
 (not associated)   00:14:A4:3F:8D:13   19    0-0     0        4    mossy
 00:14:6C:7A:41:81  00:0C:41:52:D1:D1   -1   36-36    0        5
 00:14:6C:7E:40:80  00:0F:B5:FD:FB:C2   35   54-54    0       99    teddy

So, NETGEAR is OPEN (the ENC column says OPN) – no encryption at all …. FAIL!
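Reading that table by eye is fine for three rows, but on a site survey you want the ENC/CIPHER columns checked for you. The following is an added example, not code from the post: a small Python script that parses the airodump-ng AP table as shown above and flags every access point weaker than WPA2/CCMP, the way you would when auditing which of your own APs need fixing. The sample table is constructed from the post's three rows plus an invented WPA2 row and one station row, and the WEP/TKIP verdicts are my baseline, not something the post states.

```python
import re
# Constructed sample in the post's airodump-ng layout, plus a WPA2 row and a station row.
SAMPLE = """\
 BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID
 00:09:5B:1C:AA:1D   11  16       10        0    0  11  54.  OPN              NETGEAR
 00:14:6C:7A:41:81   34 100       57       14    1   9  11e  WEP  WEP         bigbear
 00:14:6C:7E:40:80   32 100      752       73    2   9  54   WPA  TKIP   PSK  teddy
 00:1A:2B:3C:4D:5E   40 100      120       10    0   6  54   WPA2 CCMP   PSK  Guest Lounge
 00:14:6C:7A:41:81  00:0F:B5:32:31:31   51   36-24    2       14
"""
MAC_RE = re.compile(r"^([0-9A-F]{2}:){5}[0-9A-F]{2}$", re.I)
CIPHERS = {"WEP", "WEP40", "WEP104", "TKIP", "CCMP", "GCMP", "WRAP"}
AUTHS = {"PSK", "MGT", "SKA", "OPN"}

def parse_ap_table(text):
    """Parse the AP section of airodump-ng's screen output into dicts. Column
    indexes come from the header (so a missing RXQ column is fine); CIPHER and
    AUTH are blank on OPN/WEP rows, so they are matched by value first."""
    header, aps = None, []
    for line in text.splitlines():
        tokens = line.split()
        if tokens[:1] == ["BSSID"] and "ESSID" in tokens:
            header = tokens
            continue
        if not header or len(tokens) <= header.index("ENC"):
            continue
        # Station rows carry a second MAC where an AP row has its PWR number.
        if not MAC_RE.match(tokens[0]) or MAC_RE.match(tokens[1]):
            continue
        rest = tokens[header.index("ENC") + 1:]
        cipher = rest.pop(0) if rest and rest[0] in CIPHERS else ""
        auth = rest.pop(0) if rest and rest[0] in AUTHS else ""
        aps.append({"bssid": tokens[0], "ch": tokens[header.index("CH")],
                    "enc": tokens[header.index("ENC")], "cipher": cipher,
                    "auth": auth, "essid": " ".join(rest)})  # ESSID keeps spaces
    return aps

def classify(ap):
    # Audit verdict for one AP, read off its ENC and CIPHER columns.
    if ap["enc"] == "OPN":
        return "OPEN: no encryption, everything sent over the air is readable"
    if ap["enc"] == "WEP":
        return "WEP: broken cipher, treat as open"
    if ap["enc"].startswith("WPA") and ap["cipher"] == "TKIP":
        return "TKIP: deprecated cipher, move to WPA2/CCMP or newer"
    return "OK"

def audit(text):
    verdicts = [(ap["essid"], classify(ap)) for ap in parse_ap_table(text)]
    return [v for v in verdicts if v[1] != "OK"]
```

For anything beyond a quick look, feed it the CSV that airodump-ng writes when started with -w <prefix> rather than screen text; tokenising the on-screen table breaks on odd ESSIDs, the CSV does not.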

Well – I said it wasn't too exciting, we found an open wifi access point – tune in next time to see what we can do with it…
